• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

We've been whacked with a virus and our ISP has shut us down, what can I do?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Server Security >> We've been whacked with a virus and our ISP has shut us down, what can I do? Page: [1]
Login
Message << Older Topic   Newer Topic >>
We've been whacked with a virus and our ISP has shut us... - 8.Jun.2011 11:56:46 AM   
ronnie

 

Posts: 51
Joined: 22.Dec.2009
Status: offline 		we got hit the other day with TROJ_DRPR.BF

Our Trendmicro 6 installation can't clear it and our ISP has shutdown our outgoing SMTP traffic as our server is being used by the vrus for spamming

2 days it's been like this affecting business operations

i'm currently in dialogue with trendmicro labs though communication is very slow via their email trendlabs@av-emea.com (the only way to contact them for this)

they tell me they are working on the issue but they can't give any ETA, of which i somewhat understand. though i've nothing to report to the CEO other than just sitting here and waiting things out. goodness knows how long though it might take!

we have rudimentary IT setup and resource, but at this point now i need to come up with some alternatives

i've got a spare server here i could use for a rebuild though i'm unsure how i would go about this in replacing the current exchange server/organisation we have and ensuring full mailbox restoration

can anyone give us please some advice?
Post #: 1
RE: We've been whacked with a virus and our ISP has shu... - 17.Jun.2011 6:59:37 PM   
pjhutch

 

Posts: 3450
Joined: 21.Jul.2001
From: W Yorks, England
Status: offline 		Have you tried replacing the Trend Micro AV product with an alternative such as Microsoft's Forefront Protection 2010?
http://www.microsoft.com/forefront/protection-for-exchange/en/us/system-requirements.aspx

or McAfee's Email security products:
http://www.mcafee.com/us/products/security-for-email-servers.aspx

_____________________________

Peter Hutchison MCP
Exchange Administrator
University of Huddersfield

(in reply to ronnie)
Post #: 2
RE: We've been whacked with a virus and our ISP has shu... - 1.Sep.2011 11:21:19 AM   
ronnie

 

Posts: 51
Joined: 22.Dec.2009
Status: offline 		thanks

ended up i installed TMG server on the perimeter of our network
ensured that my exchange server was no longer an open relay
setup spam filtering
sorted out some anomalies with MX and SPF records to help keep us off blacklisting sites
configured an SMTP smart host
configured a DNS forwarder


between this lot things seem now to be back in balance

(in reply to pjhutch)
Post #: 3
RE: We've been whacked with a virus and our ISP has shu... - 1.Sep.2011 11:26:29 AM   
pjhutch

 

Posts: 3450
Joined: 21.Jul.2001
From: W Yorks, England
Status: offline 		Sounds like quite a big job. Glad to see you got is sorted out. BTW, how long did this all take and when did you connected back up?

_____________________________

Peter Hutchison MCP
Exchange Administrator
University of Huddersfield

(in reply to ronnie)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Server Security >> We've been whacked with a virus and our ISP has shut us down, what can I do? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter